Resubmissions

09-04-2024 08:37

240409-kjmxvaeb2s 10

09-04-2024 08:37

240409-kjmbbaag86 10

09-04-2024 08:37

240409-kjlpsaea91 10

07-02-2024 14:38

240207-rzqr1ahge3 10

General

  • Target

    4470dffdf485099a7ebbe92b3e8d1db1ff14d8b2c39e3aabaa69c8122e86b91b.elf

  • Size

    168KB

  • Sample

    240409-kjmbbaag86

  • MD5

    635310bf9fce382320b3ee8716a1424f

  • SHA1

    e80ec55bfb60d8629d887e07f925adcc09edd301

  • SHA256

    4470dffdf485099a7ebbe92b3e8d1db1ff14d8b2c39e3aabaa69c8122e86b91b

  • SHA512

    7889bb91634d2dbaa7c5eb70314f7d80590fc770cb31e178c547f38a0ccccd6c297d831b687589126316ea80d8a237ccd6afc4e0b41b8103b0ad9c6575a6cd88

  • SSDEEP

    3072:8PSi28gcKeX9BCxDFwlcgPifbAIBXYM2bkzBe/B+NJP8vWQcY1EKk5WcTM:B8gSsFwdPCfBXY1Ke/gNN8vWQcY1EKkM

Malware Config

Extracted

Family

gafgyt

C2

239.255.255.250:1900

Targets

    • Target

      4470dffdf485099a7ebbe92b3e8d1db1ff14d8b2c39e3aabaa69c8122e86b91b.elf

    • Size

      168KB

    • MD5

      635310bf9fce382320b3ee8716a1424f

    • SHA1

      e80ec55bfb60d8629d887e07f925adcc09edd301

    • SHA256

      4470dffdf485099a7ebbe92b3e8d1db1ff14d8b2c39e3aabaa69c8122e86b91b

    • SHA512

      7889bb91634d2dbaa7c5eb70314f7d80590fc770cb31e178c547f38a0ccccd6c297d831b687589126316ea80d8a237ccd6afc4e0b41b8103b0ad9c6575a6cd88

    • SSDEEP

      3072:8PSi28gcKeX9BCxDFwlcgPifbAIBXYM2bkzBe/B+NJP8vWQcY1EKk5WcTM:B8gSsFwdPCfBXY1Ke/gNN8vWQcY1EKkM

    Score
    7/10
    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

MITRE ATT&CK Enterprise v15

Tasks